Skip to content

Commit

Permalink
Gosec fixes (#60)
Browse files Browse the repository at this point in the history
* gosec issues fix, specifically G304 https://securego.io/docs/rules/g304.html
enable actions gosec check for all except tests

* fix yaml

* fix gosec error in semver
  • Loading branch information
ChristianAtDell committed Oct 15, 2024
1 parent 1da7c0e commit 4f5f08a
Show file tree
Hide file tree
Showing 8 changed files with 37 additions and 38 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/actions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,8 @@ jobs:
uses: actions/checkout@v2
- name: Run Go Security
uses: securego/gosec@master
with:
args: -exclude-dir=tests ./...
malware_security_scan:
name: Malware Scanner
runs-on: ubuntu-latest
Expand Down
3 changes: 1 addition & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,7 @@ RUN microdnf install yum \
&& microdnf clean all

ENV USER_UID=1001 \
USER_NAME=dell-csm-operator \
X_CSM_OPERATOR_CONFIG_DIR="/etc/config/dell-csm-operator"
USER_NAME=dell-csm-operator
WORKDIR /
COPY --from=builder /workspace/manager .
COPY operatorconfig/ /etc/config/dell-csm-operator
Expand Down
9 changes: 6 additions & 3 deletions core/semver/semver.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"regexp"
"runtime"
"strconv"
Expand Down Expand Up @@ -57,7 +58,7 @@ func main() {
format = "ver"
} else {
if fileExists(format) {
buf, err := ioutil.ReadFile(format)
buf, err := ioutil.ReadFile(filepath.Clean(format))
if err != nil {
fmt.Fprintf(os.Stderr, "error: read tpl failed: %v\n", err)
os.Exit(1)
Expand All @@ -70,13 +71,15 @@ func main() {

var w io.Writer = os.Stdout
if len(output) > 0 {
fout, err := os.Create(output)
fout, err := os.Create(filepath.Clean(output))
if err != nil {
fmt.Fprintf(os.Stderr, "error: %v\n", err)
os.Exit(1)
}
w = fout
defer fout.Close()
if err := fout.Close(); err != nil {
fmt.Fprintf(os.Stderr, "error closing file: %v\n", err)
}
}

gitdesc := chkErr(doExec("git", "describe", "--long", "--dirty"))
Expand Down
35 changes: 16 additions & 19 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
osruntime "runtime"
"strconv"
"time"
Expand Down Expand Up @@ -48,6 +49,10 @@ import (
)

const (
// ConfigDir path to driver deployment files
ConfigDir = "/etc/config/dell-csm-operator"
// Operatorconfig sub folder for deployment files
Operatorconfig = "operatorconfig"
// K8sMinimumSupportedVersion is the minimum supported version for k8s
K8sMinimumSupportedVersion = "1.21"
// K8sMaximumSupportedVersion is the maximum supported version for k8s
Expand Down Expand Up @@ -129,27 +134,19 @@ func getOperatorConfig(log *zap.SugaredLogger) utils.OperatorConfig {
log.Infof("Current kubernetes version is %s which is a supported version ", kubeVersion)
}

// Get the environment variable config dir
configDir := os.Getenv("X_CSM_OPERATOR_CONFIG_DIR")
if configDir == "" {
// Set the config dir to the folder pkg/config
configDir = "operatorconfig"
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
_, err = ioutil.ReadDir(filepath.Clean(ConfigDir))
if err != nil {
log.Errorw(err.Error(), "cannot find driver config path", ConfigDir)
cfg.ConfigDirectory = Operatorconfig
log.Infof("Use ConfigDirectory %s", cfg.ConfigDirectory)
k8sPath = fmt.Sprintf("%s%s", Operatorconfig, k8sPath)
} else {
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
_, err := ioutil.ReadFile(k8sPath)
if err != nil {
// This means that the configmap is not mounted
// fall back to the local copy
log.Error(err, "Error reading file from the configmap mount")
log.Info("Falling back to local copy of config files")
configDir = "/etc/config/local/dell-csm-operator"
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
}

cfg.ConfigDirectory = filepath.Clean(ConfigDir)
log.Infof("Use ConfigDirectory %s", cfg.ConfigDirectory)
k8sPath = fmt.Sprintf("%s%s", ConfigDir, k8sPath)
}
cfg.ConfigDirectory = configDir
buf, err := ioutil.ReadFile(k8sPath)

buf, err := ioutil.ReadFile(filepath.Clean(k8sPath))
if err != nil {
log.Info(fmt.Sprintf("reading file, %s, from the configmap mount: %v", k8sPath, err))
}
Expand Down
14 changes: 7 additions & 7 deletions pkg/drivers/commonconfig.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ func GetController(ctx context.Context, cr csmv1.ContainerStorageModule, operato
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/controller.yaml", operatorConfig.ConfigDirectory, driverName, cr.Spec.Driver.ConfigVersion)
log.Debugw("GetController", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetController failed", "Error", err.Error())
return nil, err
Expand Down Expand Up @@ -89,8 +89,8 @@ func GetController(ctx context.Context, cr csmv1.ContainerStorageModule, operato
}
}
if !removeContainer {
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &c)
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &c)
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &containers[i])
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &containers[i])
newcontainers = append(newcontainers, c)
}

Expand Down Expand Up @@ -122,7 +122,7 @@ func GetNode(ctx context.Context, cr csmv1.ContainerStorageModule, operatorConfi
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/%s", operatorConfig.ConfigDirectory, driverType, cr.Spec.Driver.ConfigVersion, filename)
log.Debugw("GetNode", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetNode failed", "Error", err.Error())
return nil, err
Expand Down Expand Up @@ -172,8 +172,8 @@ func GetNode(ctx context.Context, cr csmv1.ContainerStorageModule, operatorConfi
}
}

utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &c)
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &c)
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &containers[i])
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &containers[i])

}

Expand Down Expand Up @@ -241,7 +241,7 @@ func GetCSIDriver(ctx context.Context, cr csmv1.ContainerStorageModule, operator
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/csidriver.yaml", operatorConfig.ConfigDirectory, driverName, cr.Spec.Driver.ConfigVersion)
log.Debugw("GetCSIDriver", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetCSIDriver failed", "Error", err.Error())
return nil, err
Expand Down
4 changes: 0 additions & 4 deletions pkg/drivers/powerscale.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import (

csmv1 "github.com/dell/csm-operator/api/v1alpha1"
"github.com/dell/csm-operator/pkg/logger"
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
Expand All @@ -16,9 +15,6 @@ import (
// +kubebuilder:scaffold:imports
)

// Log global for all methods in this file
var Log logr.Logger

const (
// PowerScalePluginIdentifier -
PowerScalePluginIdentifier = "powerscale"
Expand Down
5 changes: 3 additions & 2 deletions pkg/modules/authorization.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"io/ioutil"
"path/filepath"
"strconv"
"strings"

Expand Down Expand Up @@ -65,7 +66,7 @@ func getAuthApplyCR(cr csmv1.ContainerStorageModule, op utils.OperatorConfig) (*
}

configMapPath := fmt.Sprintf("%s/moduleconfig/authorization/%s/container.yaml", op.ConfigDirectory, authConfigVersion)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return nil, nil, err
}
Expand Down Expand Up @@ -124,7 +125,7 @@ func getAuthApplyVolumes(cr csmv1.ContainerStorageModule, op utils.OperatorConfi
}

configMapPath := fmt.Sprintf("%s/moduleconfig/authorization/%s/volumes.yaml", op.ConfigDirectory, version)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return nil, err
}
Expand Down
3 changes: 2 additions & 1 deletion pkg/utils/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"io/ioutil"

"fmt"
"path/filepath"
"strings"

csmv1 "github.com/dell/csm-operator/api/v1alpha1"
Expand Down Expand Up @@ -331,7 +332,7 @@ func LogBannerAndReturn(result reconcile.Result, err error) (reconcile.Result, e
func GetModuleDefaultVersion(driverConfigVersion string, driverType csmv1.DriverType, moduleType csmv1.ModuleType, path string) (string, error) {
/* TODO(Michal): review with Team */
configMapPath := fmt.Sprintf("%s/moduleconfig/common/version-values.yaml", path)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return "", err
}
Expand Down

0 comments on commit 4f5f08a

Please sign in to comment.